markofu’s blog

On July 9th, the Riot InfoSec team will be hosting a security event in our new office , which will include: talks from Rioters the chance for you to see and play with some of our security tools time to play some games with us! Riot is dedicated to positively engaging with the industry and its community, and the Riot InfoSec team are psyched to further that mission in Dublin - we want to share and to learn.  If you work in Riot or engage with Rioters, you may hear the term “default to trust” and this is a huge part of our culture. It’s not just “talk”, it’s something that I see on a daily basis and to me, this is very special. I've linked two posts that touch on this aspect below - http://venturebeat.com/2015/02/04/riot-games-brandon-beck-says-game-industry-is-under-investing-in-its-people/ https://www.linkedin.com/pulse/hard-realities-working-riot-games-one-year-later-jonathan-pan As a result, we (in Riot InfoSec) wanted to “walk the walk” also...

It's no surprise that attackers will use recruiters as targets for a compromise and like many companies, we've seen the usual applications with XSS and macros. Today I received something slightly different which I figured was worth sharing - As you'd expect, the candidate details are fabricated so we can't progress :( P.S. We are actually hiring in Dublin, Istanbul, St Louis and LA for security engineers:) 

Socialising Security @ Riot Quick Link: Presentation here . Background In late November last year, I had the honour of following the illustrious David Rook (ex-SecurityNinja :) ) in the Owasp Dublin Chapter meeting (thanks Ow en & Owasp Ireland) . Quite a few people (mostly Chris John Riley ) reached out and said: “The presentation looks cool and I'm jealous of the cool artwork but context, need MOAR context!” From an OpSec perspective, it's not always possible to include all the context when it comes to publicising security presentations, but @Riot, the goal of the InfoSec team is to socialise security within Riot, our players, the gaming community and the security community. Tl;dr Each Rioter is responsible for their own security   Riot has posed very new challenges (for me) - Scale Volume of Incidents (i.e. a successful compromise, a leak, a ddos attack) Open policy to security ( this is the bit that will draw the crowd ) We want to...